From: Jouni Malinen Date: Fri, 26 Apr 2019 13:24:31 +0000 (+0300) Subject: Ignore channel switch event if AP interface is not yet ready X-Git-Tag: hostap_2_9~324 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=c3805fb62318741debf55ecb1a6ce9e4e60ae38d;p=thirdparty%2Fhostap.git Ignore channel switch event if AP interface is not yet ready It is apparently possible to somehow trigger the driver to report a channel switch event during ACS operation when the interface information is not yet complete. hapd->iface->current_mode could be NULL in that case and that would result in process termination due to NULL pointer dereference. It should not really be possible to trigger a channel switch during ACS is running (i.e., before the AP mode operation has been started), but since that has been seen in an arbitrary test sequence with interface start/stop operations with various parameters (both valid and invalid), better prevent a crash here by ignoring the unexpected event instead of trying to process it. Signed-off-by: Jouni Malinen --- diff --git a/src/ap/drv_callbacks.c b/src/ap/drv_callbacks.c index 58753e55a..6a40b8f98 100644 --- a/src/ap/drv_callbacks.c +++ b/src/ap/drv_callbacks.c @@ -789,6 +789,13 @@ void hostapd_event_ch_switch(struct hostapd_data *hapd, int freq, int ht, freq, ht, hapd->iconf->ch_switch_vht_config, offset, width, channel_width_to_string(width), cf1, cf2); + if (!hapd->iface->current_mode) { + hostapd_logger(hapd, NULL, HOSTAPD_MODULE_IEEE80211, + HOSTAPD_LEVEL_WARNING, + "ignore channel switch since the interface is not yet ready"); + return; + } + hapd->iface->freq = freq; channel = hostapd_hw_get_channel(hapd, freq);
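Review bot: The new `if (!hapd->iface->current_mode)` guard in hostapd_event_ch_switch() has no code comment saying when current_mode can be NULL. The commit message explains it (a channel switch event reported during ACS, before the interface information is complete), but someone reading drv_callbacks.c later will not see that. A short comment above the check stating that current_mode is not yet set while ACS is running would keep the guard from being removed as dead code. Two smaller points on the same lines. The warning text "ignore channel switch since the interface is not yet ready" does not include the reported `freq`, so the warning by itself does not tell an operator which event was dropped; adding the frequency to the message would help when the warning is filtered out of the surrounding log output. And because the function returns before `hapd->iface->freq = freq;`, the event is dropped with no state update, so if the driver really did change channel at that point, hostapd's view and the driver's could differ. The commit message says the trigger is not understood, so it is worth noting in the comment that this is a crash-prevention guard and not a fix for the unexpected event itself.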